Module org.elasticsearch.xcore
Class RoleReference.CrossClusterAccessRoleReference
java.lang.Object
org.elasticsearch.xpack.core.security.authz.store.RoleReference.CrossClusterAccessRoleReference
- All Implemented Interfaces:
RoleReference
- Enclosing interface:
RoleReference
public static final class RoleReference.CrossClusterAccessRoleReference
extends Object
implements RoleReference
Represents the role descriptors sent from the querying cluster to the fulfilling cluster as part of API key authentication based
cross cluster operations. This captures the permissions of the user entity on the querying cluster and is intersected with the
fulfilling-cluster-side permissions of the cross-cluster API key underlying the connection
(see
RoleReference.CrossClusterApiKeyRoleReference).-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.xpack.core.security.authz.store.RoleReference
RoleReference.ApiKeyRoleReference, RoleReference.ApiKeyRoleType, RoleReference.BwcApiKeyRoleReference, RoleReference.CrossClusterAccessRoleReference, RoleReference.CrossClusterApiKeyRoleReference, RoleReference.FixedRoleReference, RoleReference.NamedRoleReference, RoleReference.ServiceAccountRoleReference -
Constructor Summary
ConstructorsConstructorDescriptionCrossClusterAccessRoleReference(String userPrincipal, CrossClusterAccessSubjectInfo.RoleDescriptorsBytes roleDescriptorsBytes) -
Method Summary
Modifier and TypeMethodDescriptionid()Unique ID of the instance.voidresolve(RoleReferenceResolver resolver, ActionListener<RolesRetrievalResult> listener) Resolve concrete role descriptors for the roleReference.
-
Constructor Details
-
CrossClusterAccessRoleReference
public CrossClusterAccessRoleReference(String userPrincipal, CrossClusterAccessSubjectInfo.RoleDescriptorsBytes roleDescriptorsBytes)
-
-
Method Details
-
id
Description copied from interface:RoleReferenceUnique ID of the instance. Instances that have equal ID means they are equivalent in terms of authorization. It is currently used as cache key for role caching purpose. Callers can use this value to determine whether it should skip resolving the role descriptors and subsequently building the role.- Specified by:
idin interfaceRoleReference
-
resolve
Description copied from interface:RoleReferenceResolve concrete role descriptors for the roleReference.- Specified by:
resolvein interfaceRoleReference
-
getUserPrincipal
-
getRoleDescriptorsBytes
-